{"description":"\u306a\u305c\u300cwindow.\u25cb\u25cb || {\u2026}\u300d\u304c\u5371\u967a\u30d1\u30bf\u30fc\u30f3\u306a\u306e\u304b \u4e00\u8a00\u3067 \u3053\u306e\u66f8\u304d\u65b9\u306f\u300cwindow\u4e0a\u306b\u201c\u305d\u308c\u3063\u307d\u3044\u5024\u201d\u304c\u3042\u308c\u3070\u4f55\u3067\u3082\u63a1\u7528\u3059\u308b\u300d\u3068\u3044\u3046\u610f\u5473\u306b\u306a\u308a\u307e\u3059\u3002 \u3059\u308b\u3068\u653b\u6483\u8005\u304cDOM Clobbering\u306a\u3069\u3067 window.\u25cb\u25cb \u3092\u201c\u507d\u7269\u201d\u3067\u5148\u306b\u57cb\u3081\u308c\u3070\u3001\u30a2\u30d7\u30ea\u306f\u305d\u308c\u3092\u6b63\u3057\u3044\u8a2d\u5b9a\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u3068\u4fe1\u3058\u3066\u4f7f\u3063\u3066\u3057\u307e\u3044\u307e\u3059\u3002 \u3082\u3046\u5c11\u3057\u5177\u4f53\u7684\u306b\uff08\u4f55\u304c\u8d77\u304d\u308b\uff1f\uff09 truthy/falsy \u3060\u3051\u3067\u5224\u5b9a\u3057\u3066\u3057\u307e\u3046 JavaScript\u306e A || B \u306f\u3001A\u304ctruthy\u306a\u3089A\u3092\u8fd4\u3057\u307e\u3059\u3002 \u3064\u307e\u308a let cfg = window.cfg || {avatar: '...'}; \u306f\u3001window.cfg \u2026","width":"100%","blog_title":"Shikata Ga Nai","blog_url":"https://cysec148.hatenablog.com/","version":"1.0","author_url":"https://blog.hatena.ne.jp/ThisIsOne/","provider_name":"Hatena Blog","categories":["Web Security Academy","XSS"],"type":"rich","provider_url":"https://hatena.blog","html":"","published":"2025-08-20 18:46:41","image_url":null,"url":"https://cysec148.hatenablog.com/entry/2025/08/20/184641","author_name":"ThisIsOne","height":"190","title":"\u3010\u6709\u6599\u8a66\u4f5c\u7248\u3011PortSwigger LAB\u89e3\u8aac\uff1a\u7d9a\u30fbExploiting DOM clobbering to enable XSS\uff08DOM Clobbering\u3067XSS\u767a\u706b\uff09"}